Yet Another VPN Post

[Phylum]

I'd like to setup a site-to-site VPN connection between two sites with 50Mbps up-links. I'm looking for an affordable router/VPN/firewall/UTM device that doesn't result in crazy stupid low VPN throughput speeds (like 12Mbps; that's nonsense) when on average upload speeds are around 40Mbps.

I wanted to use DD-WRT to do this but I don't have [that] much networking & OpenVPN experience to get it to work properly. As such I've been looking at the reviews here to get an idea of what the performance might be like.

What I want:
8+ Gigabit Ports - Preferably 12
VLAN Support - Multiple VLANs per port
Site-to-Site VPN Support
Good throughput - VPN Specifically then WAN to LAN/LAN to WAN
Jumbo Frames Support

What I don't care about:
WiFi - Handy as it could then replace another AP at home, but low priority.
3G/4G Support - Of no use at this time but could be *extremely* useful
USB Device Support (Printer, NAS, Storage whatever) - not likely to be ever used
Multiple WAN ports - not likely to be ever used

NOTE: The above are all niceties, but I either wouldn't be using them any time soon, if at all, the items in the previous list take precedence.​

What I've reviewed so far...

• ZyXEL VFG6005/VFG6005N - I like the price point (around/under $100), but throughput is the pits.
• WatchGuard WG50020 - Price point is very attractive, has an alleged 35Mbps VPN throughput but I haven't found many others with the device which makes me cautious. While it only has 6 LAN ports, what really irks me is that they're only 10/100.
• Cisco RV220W - Seems to be the ideal solution since it hits several of my desired features. I'm just not happy about the price since I have to buy two!
• Cisco RV042v3 - Likely the number 2 choice and not very strong either since its not gigabit.
• Netgear SRXN3205 - Decent throughput (20Mbps) but I know it'll never be that high; at least its gigabit.
• Netgear FVS318G & FVS336G - Crap throughput.
• Netgear FVS318N - Didn't see anything on throughput, but I imagine its similar to the 318G.
• Netgear SRX5308 - Great VPN throughput, but I don't need quad WAN ports and that's what I feel I'm really paying for. I'd rather substitute 2 or 3 of the WAN ports for 3G/4G support.

I'm interested in hearing about the hardware used in real-world site-to-site VPN solutions from the community as well as the top few pros & cons.

 

[Phylum]

Spoke with Cisco today, they suggested a Cisco 1941 with a handful of modules. I see how/why a company might want to go that route, but I'm not willing to spend upwards of $600 per device.

I mentioned the RV220W and while they said it was a good choice, they didn't give me explanations as to why the 1941 was the better solution.

I guess I shouldn't be surprised that they didn't offer the WRVS4400N, RV042G or RVS4000.

 

[thiggins]

To widen your choices, I would take jumbo frames and high # of Gigabit ports off the list. Jumbo frames don't really help much any more with current-generation Gigabit adapters and bus interconnects. And you can always buy an inexpensive switch to add ports.

How about the Cisco RV042G? They spec IPsec throughput @ 75 Mbps.

 

[YeOldeStonecat]

I'd like to setup a site-to-site VPN connection between two sites with 50Mbps up-links. I'm looking for an affordable router/VPN/firewall/UTM device that doesn't result in crazy stupid low VPN throughput speeds (like 12Mbps; that's nonsense) when on average upload speeds are around 40Mbps.
[*]Cisco RV220W - Seems to be the ideal solution since it hits several of my desired features. I'm just not happy about the price since I have to buy two![/LIST]

I'm interested in hearing about the hardware used in real-world site-to-site VPN solutions from the community as well as the top few pros & cons.

IMO, looking for Ferrari performance...on a Ford or Fiat price tag...you'll be looking for a long time. Over 30 meg VPN tunnel throughput...you're going to be looking at true business grade hardware, and that comes with a price tag.

Consider some hardware that runs PFSense...such as some Netgate appliance..although I deal with their 500 MHz units (have one one my desk now)...not sure what their fastest is. Or build a 1U unit with an i3 processor and Intel NICs and use PFSense. It's not in your budget...you'll spend around 4 hundge each...but it'll be solid and fast.

 

[Phylum]

To widen your choices, I would take jumbo frames and high # of Gigabit ports off the list. Jumbo frames don't really help much any more with current-generation Gigabit adapters and bus interconnects. And you can always buy an inexpensive switch to add ports.

How about the Cisco RV042G? They spec IPsec throughput @ 75 Mbps.

The 'wants' list was by no means a list of requirements! Was just trying to get as much as I can get! I've yet to see a decent device with anything more than 4 gig ports. I'm fine with 4 ports, but if I can get 8 or 12 for a bit more, why not.
I did eyeball the RV042G today but I'm hard pressed to see why I would choose that over the RV220W. Maybe I'm missing something?

IMO, looking for Ferrari performance...on a Ford or Fiat price tag...you'll be looking for a long time. Over 30 meg VPN tunnel throughput...you're going to be looking at true business grade hardware, and that comes with a price tag.

Hah! This sort of goes without saying - the same analogy could be used for just about anything, right? But don't get twisted - I get where you're coming from! So going with your car analogy, I'm looking for the unassuming sleeper that eats just about every other car on the road: The WRX STI (or the Evo).
We all know that vendors tend to advertise [theoretical], and possibly exaggerate, max speeds. But the real-world performance proves otherwise. With that in mind, if I get a product that claims 25 Mbps, when I complain about speeds around 10 Mbps, it'll just be the expected result. If I start high, the likelihood of getting something closer to reasonable speeds are much higher. The RV220W claims 90 Mbps, the RV042G 75 Mbps and SNBs review of the RV220W put it at nearly 40 Mbps, so I figure I'm probably going to get something close, hopefully no less than 20 on the low end but closer to 30 Mbps (or better).

Consider some hardware that runs PFSense...such as some Netgate appliance..although I deal with their 500 MHz units (have one one my desk now)...not sure what their fastest is. Or build a 1U unit with an i3 processor and Intel NICs and use PFSense. It's not in your budget...you'll spend around 4 hundge each...but it'll be solid and fast.

I love DYI solutions but there are a few hurdles I'm facing right now:

• I need to have something implemented & working before 7/13
• I don't have the knowledge to get something like that up and running quickly & easily
• Worried about power consumption due to an already taxed UPS environment.

I'm certainly not against it though. If I could perhaps use a mini-PC with a power sipping proc that probably wouldn't be a bad idea. I've never used PFSense but SNB has, what looks like, a decent little PFSense how-to, but time and patience are my enemies.
I'm happy to contract it out, with pay of course!

 

[KrisseZ]

I just bought the ZyXELL ZyWALL USG50 and tested it quickly with ZLD3.0 (newest firmware)

I was able to get 40 - 45 Mbps of windows file transfer through a AES256/SH1
Ipsec tunnel. (VPN throughput was advertised 95 Mbps max)

Paid 270€ for it. For what I can say, I think I got just what I paid for.
A device with many cool features, robust design, good performance and
continued firmware upgrade support for the lifespan of my device. Not many
vendors offer that for a business grade gear.

I've been insanely happy with it. Feel free to ask if you have other questions. Also our claykin is well knowledged in the ZyWALL family.

 

[Phylum]

First of all thanks to all that have replied. I appreciate the feedback!

KrisseZ: I had considered the USG20 but not the 50 so let me take a look at that. Those seem like great speeds to me, even if they are a far cry from 90 Mbps! Frankly anything around 30 or better is great for me.

Thanks again everyone!